Strava fitness app 'reveals United States military bases'

Adjust Comment Print

Strava, the app for tracking physical activities such as running, swimming and cycling, can reveal sensitive military data as well. Sounds unusual, that's what could be sourced from the global heatmap released by Strava Labs in November 2017.

Strava acts as social media network for athletes with a community of millions of runners, cyclists and triathletes, the company said on its website. More frequently trafficked routes show as bright yellow or white lines.

But a 20-year-old Australian student has called into question some of the data shared from countries including Syria, Afghanistan, Iraq and Yemen.

The Department of Defense said it was reviewing its policies on smartphones and wearable devices.

The Strava app allows users to opt out of data collection for the heat map and set up privacy zones.

The Global Heat Map was posted online in November 2017, but the information it contains was only publicised recently.

The security implication of the Global Heat Map, which was uploaded in November 2017, was publicized by 20-year-old Australian worldwide security student and Institute for United Conflict Analysts founding member Nathan Ruser.

It's not just the United States' military bases that are being exposed on the map. It's one thing to try to discern any viable information from a heat map of the USA or Europe, and quite a different thing to discover potential bases in war zones.

Whoever is to blame we're sure there will be some tough conversations being had in military bases this morning.

The heatmaps show a relatively clear structure of various foreign military bases located around the world.

"Somebody forgot to turn off their Fitbit". If left on during military drills or patrols, the app could also highlight sensitive outposts and a troop's habitual routes.

"It sort of lit up like a Christmas tree", he said after zooming in in Syria, where the scant jogging activity beams out from an all-black background. He won't provide any links or other information as people even in remote locations can be identified without much effort.

"It excludes activities that have been marked as private and user-defined privacy zones". In some cases, as The Guardian reports, the paths appear to show details of the layouts of the military sites that might not otherwise be available to outsiders.

Ruser said he has not been contacted by Strava or military officials. There is nearly no Strava data on the rest of the country.

But something can be done.

While it appears the app is not at fault for this latest privacy issue it is not the first time issues of security have been raised around the Global Positioning System app.